Article Read Time

1. Cisco Catalyst SD-WAN Manager zero-day under active exploitation (CVE-2026-20245). Attackers are actively exploiting a privilege-escalation flaw in Cisco Catalyst SD-WAN Manager that lets an authenticated local user upload a crafted file and execute commands as root. At the time of writing, no patch is available, leaving network operators dependent on access controls and monitoring. Because SD-WAN Manager sits at the heart of enterprise network orchestration, a successful exploit hands attackers sweeping control.
Source: Help Net Security — https://www.helpnetsecurity.com/2026/06/05/cisco-sd-wan-cve-2026-20245-0-day-exploited/
2. DragonForce ransomware tunnels command-and-control through Microsoft Teams Symantec and Carbon Black researchers uncovered a custom Go-based remote access trojan, dubbed Backdoor.Turn, that conceals its command-and-control traffic inside Microsoft Teams relay infrastructure. The backdoor was deployed against a major U.S. services firm by actors tied to the DragonForce operation. Abusing trusted collaboration platforms lets attackers blend malicious traffic with everyday business activity, complicating detection.
Source: The Hacker News — https://thehackernews.com/
3. Iranian group Handala claims breach of California Water Service The Iran-linked hacktivist group Handala claimed an intrusion into California Water Service (Cal Water), publishing roughly 5GB of data that allegedly includes customer personal information and credentials for the RTKBase platform. Cal Water confirmed on June 15 it was investigating the claims. The incident underscores the persistent targeting of U.S. critical infrastructure by state-aligned actors.
Source: SecurityWeek — https://www.securityweek.com/iranian-cyber-group-handala-claims-cal-water-hack/
4. “The Gentlemen” ransomware group industrializes EDR killers. Researchers detailed how the Gentlemen ransomware-as-a-service operation now develops and maintains a full suite of endpoint detection and response “killers,” handed to affiliates to disable defenses before deploying the encryptor. The tooling is built around a framework known as GentleKiller. The trend signals a maturing market for defense-evasion tooling that lowers the bar for affiliates to neutralize protections.
Source: The Hacker News — https://thehackernews.com/
5. Conti loader developer admits role in cybercrime operation Oleksii Oleksiyovych Lytvynenko admitted to helping develop a loader used by the Conti ransomware gang, a notable win in the long-running international effort to dismantle the group’s infrastructure and personnel. The plea reflects sustained law-enforcement pressure on the ransomware ecosystem and the individuals who build its tooling.
Source: SecurityWeek — https://www.securityweek.com/
